!!! Overview [1] [2] [3]
[Best Practices] gathered from years of experience and other knowledgeable sources.
There are, of course, exceptions.

However, I doubt that anyone who has followed these "Principles" has ever regretted it.
* [Unique Identifiers] [SHOULD] be unique.
* [Unique Identifiers] [SHOULD] be a Lifetime identifier.
* [Unique Identifiers] [SHOULD] be issued from a central authority.
* [Unique Identifiers] [SHOULD] be stored in all relevant systems/databases.
* [Unique Identifiers] [SHOULD] __never__ be re-issued.
* [Unique Identifiers] [SHOULD] be assigned to all [entities|Entity].

In addition to the above, I would strongly recommend that the [Unique Identifier] be used for the naming attribute. If the [Unique Identifier] persists for the lifetime of the [Entity], then there are the following advantages:
* No rename of entries should be encountered.
* [Auditing] trails are easier to follow.

In a tree of any size, looking for jdoe0001 or jdoe0002 will be done by performing a search.

!! Things to Think About
* [Security]
* [User Experience]
* Administration
* [Auditing]

!! Avoid Use of [Personal data] or [Private data] in [Unique Identifiers]
The use of any [Personal data] in [Unique Identifiers] [SHOULD] be avoided. The [United States Privacy Act] of [1974|Year 1974], the [Family Educational Rights and Privacy Act] ([FERPA]) and many State statutes regulate the collection, use, and dissemination of [Privacy] [data] information.

The suggested [Best Practice] is that an arbitrary [Unique Identifier] [SHOULD] be created for each [Entity] (or [LDAP Entry]) and that this identifier should provide [anonymity] for the [entity].

!! [Best Practices For LDAP Naming Attributes]
Some ideas on [Best Practices For LDAP Naming Attributes]

!! [Ambiguous Naming Resolution Algorithm]
[Ambiguous Naming Resolution Algorithm] may make it easier to locate the proper identity.

!! [Unique Value Finder]
We wrote a [tool to generate Unique Identifiers|Unique Value Finder].

!! Used for Login
If the [Unique Identifier] must be used for [Authentication] (i.e. as the [UserId]), its length and complexity become important.

Most [Users] will have trouble remembering [UserIds] longer than 8 characters. Of course, after a few hundred uses, up to 10 characters is usually not an issue for this [Human Limitation].

Using [UUIDs] for [UserId] generally will not work due to the complexity.

!! Some [Examples]
[B003281] was a [Unique Identifier] that was implemented in a large [Organizational Entity].

It just so happened that this particular [Organizational Entity] merged with another [Organizational Entity] whose [Unique Identifiers] all started with an "A". So from the [Unique Identifiers] perspective there were no collisions.

[B003281] can handle 999,999 [entities|Entity], and it would be relatively easy to move to A000001 and get another 999,999 [entities|Entity].

If you allow any character to be alphanumeric, then there are 36 possible values for each character, which for 6 characters is (26+10)^6 = 2,176,782,336.

if we use up to 
%%zebra-table
%%sortable
%%table-filter
||Characters||[Example]||Math||Number of possible values
|6|B003281|(26+10)^6|2,176,782,336
|8|B00003281|(26+10)^8|2,821,109,907,456
/%
/%
/%
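
The Overview principles (central authority, no personal data, never re-issued) and the capacity figures in the table above, as an added example that is not part of the original page. The `IdentifierAuthority` class and the `capacity` function are hypothetical names, and the in-memory set stands in for what a real authority would keep in a durable store with a uniqueness constraint.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # 26 + 10 = 36 symbols


def capacity(length: int, alphabet: str = ALPHABET) -> int:
    """Number of distinct identifiers of exactly `length` characters."""
    return len(alphabet) ** length


class IdentifierAuthority:
    """Hypothetical central issuer: arbitrary values that are never re-issued."""

    def __init__(self, length: int = 8):
        self.length = length
        self._issued = set()   # every value ever handed out, retired or not
        self._active = {}      # identifier -> opaque entity reference

    def issue(self, entity_ref: str) -> str:
        if len(self._issued) >= capacity(self.length):
            raise RuntimeError("identifier space exhausted")
        while True:
            # Random draw: no name, birth date or other personal data
            # about the entity ends up encoded in the identifier.
            candidate = "".join(
                secrets.choice(ALPHABET) for _ in range(self.length)
            )
            if candidate not in self._issued:
                break
        self._issued.add(candidate)
        self._active[candidate] = entity_ref
        return candidate

    def retire(self, identifier: str) -> None:
        # The entity is gone, but the value stays reserved so that old
        # audit records can never point at a different entity.
        self._active.pop(identifier, None)

    def is_available(self, identifier: str) -> bool:
        return identifier not in self._issued


if __name__ == "__main__":
    authority = IdentifierAuthority(length=8)
    print(authority.issue("constructed-entity-ref"), capacity(8))
```
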


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Identifiers Best Practices|https://www.incommon.org/docs/other/identifiers-best-practices-200005.html|target='_blank'] - based on information obtained 2013-04-27
* [#2] - [Findlay's "LDAP Best Practices" paper, section 3.5|https://people.apache.org/~elecharny/ldapcon/Andrew%20Findlay-paper.pdf] - based on information obtained 2013-04-27
* [#3] - [Why Your Organization Needs an Enterprise-Wide Account Username Convention|http://blog.identityautomation.com/why-your-organization-needs-an-enterprise-wide-account-username-convention] - based on information obtained 2017-10-04